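--- a/docs/manual/developer_guide.adoc
+++ b/docs/manual/developer_guide.adoc
@@ -1555,12 +1555,9 @@ mount_option_remote_filesystems::
 * Languages: Ansible, Bash, OVAL
 
 mount_option_removable_partitions::
-* Checks if all removable media mounts are mounted with a specific option.
+* Checks if all removable media mounts are mounted with a specific option. Unlike other mount option templates, this template doesn't use the mount point, but the block device. The block device path (eg. `/dev/cdrom`) is always set to `var_removable_partition`. This is an XCCDF Value, defined in `link:{rootdir}/linux_os/guide/system/permissions/partitions/var_removable_partition.var[var_removable_partition.var]`
 * Parameters:
-** *mountpoint* - always set to `var_removable_partition`. This is an XCCDF Value, defined in `link:{rootdir}/linux_os/guide/system/permissions/partitions/var_removable_partition.var[var_removable_partition.var]`
 ** *mountoption* - mount option, eg. `nodev`
-** *filesystem* - filesystem of new mount point (used when adding new entry in `/etc/fstab`), eg. `tmpfs`. Used only in Bash remediation.
-** *mount_has_to_exist* - Used only in Bash remediation. Specifies if the *mountpoint* entry has to exist in `/etc/fstab` before the remediation is executed. If set to `yes` and the *mountpoint* entry is not present in `/etc/fstab` the Bash remediation terminates. If set to `no` the *mountpoint* entry will be created in `/etc/fstab`.
 * Languages: Anaconda, Ansible, Bash, OVAL
 
 package_installed::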
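--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
@@ -39,8 +39,6 @@ platform: machine
 template:
 name: mount_option_removable_partitions
 vars:
- mount_has_to_exist: 'yes'
 mountoption: nodev
- mountpoint: var_removable_partition
 backends:
 anaconda: 'off'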
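--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
@@ -47,8 +47,6 @@ platform: machine
 template:
 name: mount_option_removable_partitions
 vars:
- mount_has_to_exist: 'yes'
 mountoption: noexec
- mountpoint: var_removable_partition
 backends:
 anaconda: 'off'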
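--- /dev/null
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_bad_opts.fail.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+touch /dev/cdrom
+echo "/dev/cdrom /var/cdrom iso9660 ro 0 0" > /etc/fstab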
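--- /dev/null
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_good_opts.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+touch /dev/cdrom
+echo "/dev/cdrom /var/cdrom iso9660 noexec 0 0" > /etc/fstab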
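--- /dev/null
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts.fail.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+touch /dev/cdrom
+echo "/dev/cdrom /media/cdrom iso9660 ro,noauto,nosuid,nodev,defaults 0 0" >> /etc/fstab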
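Review bot: This script appends to `/etc/fstab` with `>>`, as do `cd_multiple_opts.pass.sh`, `cd_multiple_opts_first.pass.sh` and `cd_multiple_opts_last.pass.sh`, while `cd_bad_opts.fail.sh`, `cd_good_opts.pass.sh` and `no_partitions.pass.sh` overwrite it with `>`. With `>>` the result depends on whatever `/dev/cdrom` entries the test image already has in fstab, so a leftover line could flip an expected pass or fail. Overwriting in every scenario, e.g. `echo "/dev/cdrom /media/cdrom iso9660 ro,noauto,nosuid,nodev,defaults 0 0" > /etc/fstab`, makes each test start from a known state.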
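--- /dev/null
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+touch /dev/cdrom
+echo "/dev/cdrom /media/cdrom iso9660 ro,noauto,nosuid,noexec,nodev 0 0" >> /etc/fstab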
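--- /dev/null
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts_first.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+touch /dev/cdrom
+echo "/dev/cdrom /media/cdrom iso9660 noexec,ro,noauto,nosuid,nodev 0 0" >> /etc/fstab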
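--- /dev/null
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/cd_multiple_opts_last.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+touch /dev/cdrom
+echo "/dev/cdrom /media/cdrom iso9660 ro,noauto,nosuid,nodev,noexec 0 0" >> /etc/fstab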
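--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/dvd_bad_opts.fail.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-#
-# profiles = xccdf_org.ssgproject.content_profile_C2S
-
-. $SHARED/removable_partitions.sh
-
-touch /dev/dvd
-dvdrom_fstab_line > /etc/fstab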
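--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/dvd_good_opts.pass.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-#
-# profiles = xccdf_org.ssgproject.content_profile_C2S
-
-. $SHARED/removable_partitions.sh
-
-touch /dev/dvd
-dvdrom_fstab_line noexec > /etc/fstab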
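--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/no_partitions.pass.sh
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/tests/no_partitions.pass.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
-#
-# profiles = xccdf_org.ssgproject.content_profile_C2S
+
+# Regression test for rhbz#1403905
+# The rule should pass if there is no removable media entry in /etc/fstab
 
 touch /dev/cdrom
 echo "" > /etc/fstab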
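--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
@@ -41,8 +41,6 @@ platform: machine
 template:
 name: mount_option_removable_partitions
 vars:
- mount_has_to_exist: 'yes'
 mountoption: nosuid
- mountpoint: var_removable_partition
 backends:
 anaconda: 'off'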
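--- a/shared/templates/template_ANACONDA_mount_option_removable_partitions
+++ b/shared/templates/template_ANACONDA_mount_option_removable_partitions
@@ -4,4 +4,4 @@
 # complexity = low
 # disruption = high
 
-part (anaconda-populate {{{ MOUNTPOINT }}}) --mountoptions="{{{ MOUNTOPTION }}}"
+part (anaconda-populate var_removable_partition) --mountoptions="{{{ MOUNTOPTION }}}"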
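--- a/shared/templates/template_ANSIBLE_mount_option_removable_partitions
+++ b/shared/templates/template_ANSIBLE_mount_option_removable_partitions
@@ -3,31 +3,11 @@
 # strategy = configure
 # complexity = low
 # disruption = high
-- (xccdf-var {{{ MOUNTPOINT }}})
+- (xccdf-var var_removable_partition)
 
-- name: get back mount information associated to mountpoint
- command: findmnt --fstab '{{ {{{ MOUNTPOINT }}} }}'
- register: device_name
- failed_when: device_name.rc > 1
- changed_when: False
-
-- name: create mount_info dictionary variable
- set_fact:
- mount_info: "{{ mount_info|default({})|combine({item.0: item.1}) }}"
- with_together:
- - "{{ device_name.stdout_lines[0].split() | list | lower }}"
- - "{{ device_name.stdout_lines[1].split() | list }}"
- when:
- - device_name.stdout is defined and device_name.stdout_lines is defined
- - (device_name.stdout | length > 0)
-
-- name: Ensure permission {{{ MOUNTOPTION }}} are set on {{{ MOUNTPOINT }}}
- mount:
- path: "{{ {{{ MOUNTPOINT }}} }}"
- src: "{{ mount_info.source }}"
- opts: "{{ mount_info.options }},{{{ MOUNTOPTION }}}"
- state: "mounted"
- fstype: "{{ mount_info.fstype }}"
- when:
- - device_name.stdout is defined
- - (device_name.stdout | length > 0)
+- name: Ensure permission {{{ MOUNTOPTION }}} are set on var_removable_partition
+ lineinfile:
+ path: /etc/fstab
+ regexp: '^\s*({{ var_removable_partition }})\s+([^\s]*)\s+([^\s]*)\s+([^\s]*)(.*)$'
+ backrefs: yes
+ line: '\1 \2 \3 \4,{{{ MOUNTOPTION }}} \5'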
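Review bot: The new `lineinfile` task is not idempotent: `regexp` matches any options field, so each run rewrites the entry and appends `,{{{ MOUNTOPTION }}}` again even when the option is already present. Skipping lines that already carry the option, for example with a negative lookahead such as `(?!\S*\b{{{ MOUNTOPTION }}}\b)` placed before the fourth group, keeps repeated runs stable. `{{ var_removable_partition }}` is also interpolated into the pattern unescaped; `{{ var_removable_partition | regex_escape }}` would stop a device path containing regex metacharacters from matching unrelated fstab entries.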
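--- a/shared/templates/template_BASH_mount_option_removable_partitions
+++ b/shared/templates/template_BASH_mount_option_removable_partitions
@@ -4,19 +4,15 @@
 # Include source function library.
 . /usr/share/scap-security-guide/remediation_functions
 
-populate {{{ MOUNTPOINT }}}
+populate var_removable_partition
 
-include_mount_options_functions
+device_regex="^\s*$var_removable_partition\s\+"
+mount_option="{{{ MOUNTOPTION }}}"
 
-function perform_remediation {
- # test "$mount_has_to_exist" = 'yes'
- if test "{{{ MOUNT_HAS_TO_EXIST }}}" = 'yes'; then
- assert_mount_point_in_fstab "${{{ MOUNTPOINT }}}" || { echo "Not remediating, because there is no record of ${{{ MOUNTPOINT }}} in /etc/fstab" >&2; return 1; }
- fi
-
- ensure_mount_option_in_fstab "${{{ MOUNTPOINT }}}" "{{{ MOUNTOPTION }}}" "{{{ FILESYSTEM }}}" "{{{ TYPE }}}"
-
- ensure_partition_is_mounted "${{{ MOUNTPOINT }}}"
-}
-
-perform_remediation
+if grep -q $device_regex /etc/fstab ; then
+ previous_opts=$(grep $device_regex /etc/fstab | awk '{print $4}')
+ sed -i "s|\($device_regex.*$previous_opts\)|\1,$mount_option|" /etc/fstab
+else
+ echo "Not remediating, because there is no record of $var_removable_partition in /etc/fstab" >&2
+ return 1
+fi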
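Review bot: `$device_regex` is expanded unquoted in both `grep` calls, so the shell can word-split or glob the pattern before grep sees it; quote it as `grep -q "$device_regex" /etc/fstab`. The `sed` line then appends `,$mount_option` unconditionally and interpolates `$previous_opts` as a regex, so an entry that already has the option gets it twice, and more than one matching fstab line puts a newline into the sed expression. The `return 1` in the `else` branch now sits outside any function, which bash only accepts in a sourced script; how the remediation is executed is not visible here and should be confirmed.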
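--- a/shared/templates/template_OVAL_mount_option_removable_partitions
+++ b/shared/templates/template_OVAL_mount_option_removable_partitions
@@ -1,39 +1,31 @@
 <def-group>
- <definition class="compliance" id="mount_option_{{{ MOUNTOPTION }}}_removable_partitions" version="4">
+ <definition class="compliance" id="mount_option_{{{ MOUNTOPTION }}}_removable_partitions" version="5">
 <metadata>
 <title>Add {{{ MOUNTOPTION }}} Option to Removable Media Partitions</title>
 {{{- oval_affected(products) }}}
 <description>The {{{ MOUNTOPTION }}} option should be enabled for all removable devices mounts in /etc/fstab.</description>
 </metadata>
 <criteria operator="OR">
-
+
 since there's no device to check against -->
 
 definition_ref="removable_partition_doesnt_exist" />
 
- names in /etc/fstab & runtime configuration are configured with '{{{ MOUNTOPTION }}}' option -->
+ names in /etc/fstab are configured with '{{{ MOUNTOPTION }}}' option -->
 <criteria operator="AND">
 
 definition_ref="var_removable_partition_is_cd_dvd_drive" />
 <criteria operator="OR">
- <criteria operator="AND">
-
+
 comment="Check if at least one from CD/DVD drive alternative names is using '{{{ MOUNTOPTION }}}' mount option in /etc/fstab" />
-
- comment="Check if at least one from CD/DVD drive alternative names is using '{{{ MOUNTOPTION }}}' mount option in runtime configuration" />
- </criteria>
 
 comment="Check if CD/DVD drive is not configured to automount in /etc/fstab" />
 </criteria>
 </criteria>
 
- /etc/fstab & runtime configuration -->
- <criteria operator="AND">
-
+ /etc/fstab -->
+
 comment="Check if removable partition is using '{{{ MOUNTOPTION }}}' mount option in /etc/fstab" />
-
- comment="Check if removable partition is using '{{{ MOUNTOPTION }}}' mount option in runtime configuration" />
- </criteria>
 </criteria>
 </definition>
 
@@ -58,7 +50,7 @@
 </local_variable>
 
 
- names to check /etc/fstab & runtime settings -->
+ names to check /etc/fstab -->
 <ind:textfilecontent54_test id="test_{{{ MOUNTOPTION }}}_etc_fstab_cd_dvd_drive" check_existence="any_exist" check="all" comment="'{{{ MOUNTOPTION }}}' mount option used for at least one CD / DVD drive alternative names in /etc/fstab" version="1">
 <ind:object object_ref="object_{{{ MOUNTOPTION }}}_etc_fstab_cd_dvd_drive" />
 <ind:state state_ref="state_{{{ MOUNTOPTION }}}_etc_fstab_cd_dvd_drive" />
@@ -74,27 +66,8 @@
 <ind:subexpression operation="pattern match" datatype="string">^.*,?{{{ MOUNTOPTION }}},?.*$</ind:subexpression>
 </ind:textfilecontent54_state>
 
- <linux:partition_test id="test_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive" check="all" comment="'{{{ MOUNTOPTION }}}' mount option used for at least one CD / DVD drive alternative names in runtime configuration" version="1">
- <linux:object object_ref="object_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive" />
- </linux:partition_test>
-
- <linux:partition_object id="object_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive" version="1">
-
- => Capture all & filter out only the relevant ones via the corresponding state -->
- <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
-
- device set to some CD / DVD drive alternative name and simultaneously
- having '{{{ MOUNTOPTION }}}' mount option used -->
- <filter action="include">state_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive</filter>
- </linux:partition_object>
-
- <linux:partition_state id="state_{{{ MOUNTOPTION }}}_runtime_cd_dvd_drive" version="1">
- <linux:device datatype="string" operation="equals" var_ref="variable_cd_dvd_drive_alternative_names_{{{ MOUNTOPTION }}}" var_check="at least one" />
- <linux:mount_options datatype="string" entity_check="at least one" operation="equals">{{{ MOUNTOPTION }}}</linux:mount_options>
- </linux:partition_state>
-
 
- Check if configured with '{{{ MOUNTOPTION }}}' mount option in both /etc/fstab & runtime configuration -->
+ Check if configured with '{{{ MOUNTOPTION }}}' mount option in both /etc/fstab -->
 <ind:textfilecontent54_test id="test_{{{ MOUNTOPTION }}}_etc_fstab_not_cd_dvd_drive" check="at least one" check_existence="all_exist" comment="Check if removable partition is configured with '{{{ MOUNTOPTION }}}' mount option in /etc/fstab" version="1">
 <ind:object object_ref="object_{{{ MOUNTOPTION }}}_etc_fstab_not_cd_dvd_drive" />
 <ind:state state_ref="state_{{{ MOUNTOPTION }}}_etc_fstab_not_cd_dvd_drive" />
@@ -121,25 +94,6 @@
 <ind:subexpression operation="pattern match" datatype="string">^.*,?{{{ MOUNTOPTION }}},?.*</ind:subexpression>
 </ind:textfilecontent54_state>
 
- <linux:partition_test id="test_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive" check="all" check_existence="all_exist" comment="'{{{ MOUNTOPTION }}}' mount option used for removable partition in runtime configuration" version="1">
- <linux:object object_ref="object_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive" />
- </linux:partition_test>
-
- <linux:partition_object id="object_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive" version="1">
-
- exact name ahead => Capture all & filter out only those relevant later via state -->
- <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
-
- to 'var_removable_partition' variable value and simultaneously having
- '{{{ MOUNTOPTION }}}' mount option set -->
- <filter action="include">state_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive</filter>
- </linux:partition_object>
-
- <linux:partition_state id="state_{{{ MOUNTOPTION }}}_runtime_not_cd_dvd_drive" version="1">
- <linux:device datatype="string" operation="equals" var_ref="var_removable_partition" var_check="at least one" />
- <linux:mount_options datatype="string" entity_check="at least one" operation="equals">{{{ MOUNTOPTION }}}</linux:mount_options>
- </linux:partition_state>
-
 <external_variable comment="removable partition" datatype="string" id="var_removable_partition" version="1" />
 
 </def-group>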
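Review bot: With the runtime `partition_test`s removed, the `/etc/fstab` state pattern `^.*,?{{{ MOUNTOPTION }}},?.*$` (context lines in the third and fourth hunks) is the only thing deciding compliance, and because both commas are optional it is a plain substring match. Anchoring the option as a whole list element, e.g. `^(.*,)?{{{ MOUNTOPTION }}}(,.*)?$`, would stop a longer token that merely contains the option name from passing; this assumes the subexpression captures only the options field, which the object definitions outside these hunks should confirm. The added comment `in both /etc/fstab -->` still says "both" although only one location remains; `in /etc/fstab -->` reads correctly.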
diff --git a/ssg/templates.py b/ssg/templates.py
|
|
|
dac76a |
index e5ed4890b4..d0af1b19da 100644
|
|
|
dac76a |
--- a/ssg/templates.py
|
|
|
dac76a |
+++ b/ssg/templates.py
|
|
|
dac76a |
@@ -237,7 +237,7 @@ def mount_option_remote_filesystems(data, lang):
|
|
|
dac76a |
|
|
|
dac76a |
@template(["anaconda", "ansible", "bash", "oval"])
|
|
|
dac76a |
def mount_option_removable_partitions(data, lang):
|
|
|
dac76a |
- return _mount_option(data, lang)
|
|
|
dac76a |
+ return data
|
|
|
dac76a |
|
|
|
dac76a |
|
|
|
dac76a |
@template(["anaconda", "ansible", "bash", "oval", "puppet"])
|